We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Connect to DB in snippet

    • 40122
    • 330 Posts
    meltingdog Reply #21, 11 years, 7 months ago
    I tried commenting out the example and removing the dashes - but not luck

    /* Table names to process this is only necessary if your table prefix is
 * the same as that of the MODx tables. You can send a comma-separated list
 * of full table names. In that case the class name will be the table name 
 * minus the prefix with any underscores removed and any letter after an 
 * underscore in upper case.
 *
 * You can also send an array of arrays of tableName => className, 
 * which allows you to specify the exact class name rather then letting
 * MODx create it from the table name. Each inner array specifies a full
 * table name and the class name to use.
 *
 * NOTE: This feature may not be implemented yet.
 *
 * Examples:
 *
 *$myTables = 'bobs_quotation';
 *
 *$myTables = array(
 *   array(
 *     'bobs_quotation'=>'bobQuotation'
 *  )
 *);
 *
*/


    It seems ok when I remove everything between the $myPrefix and $myTables lines
      http://radianweb.com.au
      • 40122
      • 330 Posts
      meltingdog Reply #22, 11 years, 7 months ago
      OK - Ive gotten this far:

      I am able to query the DB but not when I use PHP vars in the query like this:

      $loginemail = $_POST['loginemail'] ;
$loginpassword = $_POST['loginpassword'] ;

$logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = '".$loginemail."' AND `password` = '".$loginpassword."'";

$query = $modx->query($logincheck);

if ($query) {
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {

 echo $row['email'];

    }
}


      Im assuming ModX is blocking this. Is this correct?
        http://radianweb.com.au
        • 3749
        • 24,544 Posts
        BobRay Reply #23, 11 years, 7 months ago
        If I had to guess, I'd say that the username and password references in the earlier comment make mod_security nervous and this line pushes it over the edge:

         You can also send an array of arrays of tableName => className,


        mod_security uses a crapload of regex searches, often for very old exploits that are no longer a threat, and they periodically match something completely innocuous, like using a particular name for a URL parameter.

        Your host could tell you which mod_security rule is being violated (or which rules, there may be more than one) and some hosts will turn off a specific set of rules on request.

        If I knew specifically what it was choking on, I could easily rewrite the file to prevent that, but I hate to take out the whole comment.


        ------------------------------------------------------------------------------------------
        PLEASE, PLEASE specify the version of MODX you are using.
        MODX info for everyone: http://bobsguides.com/modx.html
          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
          • 40122
          • 330 Posts
          meltingdog Reply #24, 11 years, 7 months ago
          Quote from: BobRay at Sep 19, 2012, 06:57 AM
          If I had to guess, I'd say that the username and password references in the earlier comment make mod_security nervous and this line pushes it over the edge:

          Hmm so you are saying that security is blocking the use of the PHP vars because they mention the words 'password' and 'email'? If I changed them to 'var1' and 'var2' it would work?

          The interesting thing is the query works fine if I hard code an email and password into it
            http://radianweb.com.au
            • 3749
            • 24,544 Posts
            BobRay Reply #25, 11 years, 7 months ago
            There's no way to know without trying it I was just making a wild guess.

            As I mentioned, at one time mod_security would throw a fit if you used the word "from" more than once in come contexts.

            The guy who found that out edited the post and deleted words one at a time (testing as he went) until he found that it was the second "from" that was triggering mod_security.


            ------------------------------------------------------------------------------------------
            PLEASE, PLEASE specify the version of MODX you are using.
            MODX info for everyone: http://bobsguides.com/modx.html
              Did I help you? Buy me a beer
              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/modx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting